Overview

overview

10

Static

static

1

4410fc043b...8.html

windows7-x64

10

4410fc043b...8.html

windows10-2004-x64

3

Analysis

  • max time kernel
    147s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    14-10-2024 20:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4410fc043beaa9d1ca9d1b1ba3e1499a_JaffaCakes118.html

  • Size

    80KB

  • MD5

    4410fc043beaa9d1ca9d1b1ba3e1499a

  • SHA1

    1bcac9e26aa530e9ee376b04b7ef0c3450bafb27

  • SHA256

    25b73f043d8236a1cc3e528c77630d7194e4ea532f5c39071a4da07f9b90a4dc

  • SHA512

    b0f5dbbaf7ff1742707c7b14e4e9441bf159d3c8de94980d4193dc798d94cb46af9fca410317ccdcae5d7bb1e971485c7634a805e0b33c12ca68f3b8d1684f52

  • SSDEEP

    1536:qwgr8VSeO3x5PZut51NWaS6cgRrhFt8fY:UeO3x5PizNjnFt8fY

Score
10/10
socgholishdiscoverydownloader

Malware Config

Signatures

  • SocGholish

    SocGholish is a JavaScript payload that downloads other malware.

    downloadersocgholish
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\4410fc043beaa9d1ca9d1b1ba3e1499a_JaffaCakes118.html
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2528
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2528 CREDAT:275457 /prefetch:2
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2912

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    628be84d0cd23792e65f8d6dc907e25d

    SHA1

    8dc84b6e00843eae382d1ba91552139622855078

    SHA256

    ee73fb640ef5e5d7aab9996a41d802d05ab82b75efa4c262fa690d9c3c787497

    SHA512

    f10f9ddfcec3ba8b5ca2a9c61cd07700b66bec13154b57152e96ee5fdfa9b0c89b4b3577bde86740b47045d9015a76a024fadd04ebf65e3e4bd5a130672068ea

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    febb386ffb7bffd56753e546541e65e0

    SHA1

    569515bb9a246190ba3e293cd10ed2de83dec94f

    SHA256

    8ecae01f8029e94e79be7281121dd13bd0c8082a2c7095c309b1889dc0184ffc

    SHA512

    3ee144e7f3b666b5f924afb1e031e799713217f5691404322d5f2dd2b9446b3be5cc6834bdbafffefe630336137041862db720c2ad471a1cf0a865c54da76e53

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    000bbd98570dc501025aa9ce060db797

    SHA1

    740caa670ab6741be98ec2dc86905315bb3aebac

    SHA256

    cee1cbc0d50c465d1f21d639aaf67948fbbc4be5df2d1e13b49735b343bd38d5

    SHA512

    2e0294d67126566eb62e643a175ca4e1d5f76f8d7c22ce21af7494512f763cc88aae54bf1c182521ddf4a0e90892b3fc08b4b4855a9c18deb77afb29e87f65db

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6dbc9715494b22a301c06fdd5c936892

    SHA1

    cd08d3686952d4be958c633071bfba2c49bc5957

    SHA256

    cc4e290b64fe6b8d0887d87edb80032b309bacc1e6bebb65b37dd15a592a274c

    SHA512

    9997e0728ca8d846f95b3b3755b68d5c6fb198c49e3fc0f393e7369e6abc20fb4e0320b0853f928f3edc95c45c639fb4eab35ef0904e2f9fef9c0b9fb78aa2bd

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    07b5736c5e5f46a0fd6c89a69fa1d45d

    SHA1

    510c5964d94922a41f9717b6ad2fee1c59d166b5

    SHA256

    458458babc0eb5e4ba42b8c0ac065db7b4241c3c755383dfa13728dabaf0a722

    SHA512

    cc50df265ddfc23bb8daa5e29ca47f7061e349e63d3bf4e92838d30393a4a8c58a9532c9c537b4c99a978f7d2e3aa11a5699aa042d4ea13097944fa5bc42c6b9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    ca1edc0962fe13646bba620159a910b6

    SHA1

    2b7d859f026ab3595d4218ef84fdc870ea0ec239

    SHA256

    0bfc25f4b67336bba376510ba0de7da9897ffc723312e42a313e5b78ea306cff

    SHA512

    f32fa9dcfaadc5963fc361221ed2b3d9c4d393f37668f4660ce202c571e22f6a9c01441a53f9ea27221a573b54a495e61b45e6e9771c3c96acb10a7f4f5f2e10

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6b18f04ca9902c91ddb4d6c97c41adca

    SHA1

    fbbe5f845f024d8944358e5c2b5a730db813010c

    SHA256

    51969e2f32ea3ae1b91d2de02b06637837e972a7a5f526572076fdaf705d7bb8

    SHA512

    f1796d293644a94351343eb53e67a52f2c3b579fafc9886e6e10a32ca31323fef709c7a86e5b1835d4c33802f9a61d4f989bf9378e69fdf6877baec7ee76824a

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\2254111616-postmessagerelay[1].js
    Filesize

    10KB

    MD5

    c264799bac4a96a4cd63eb09f0476a74

    SHA1

    d8a1077bf625dac9611a37bfb4e6c0cd07978f4c

    SHA256

    17dce4003e6a3d958bb8307bffa9c195694881f549943a7bdb2769b082f9326d

    SHA512

    6acd83dfd3db93f1f999d524b8828b64c8c0731567c3c0b8a77c6ddcf03d0e74ee20d23171e6ceac0c9f099dce03f8e5d68e78c374da2c055973f6ac2db4e4f9

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\cb=gapi[2].js
    Filesize

    98KB

    MD5

    5d0f7adbfe8ad786d0b00fa07ca9c43d

    SHA1

    e6982e1c79c3f1bc3579bbcdeecc39a5e0725dfe

    SHA256

    85d014b808e2ac4feb928305b0b11d91b709cd0ac03c4f565ab3ad6e3afd2cab

    SHA512

    1f9b04b6d85e4312e60d413779c39c06aef3833f10636e0210a66099d081540c8c403ca062290de439b523a4f09f3a9c2022d8323d6b344d3e7719c2d185df7e

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\jquery-ui.min[1].js
    Filesize

    232KB

    MD5

    e436a692a06f26c45eca6061e44095ea

    SHA1

    f9a30c981cb03c5bfa2ecad82bd2e450e8b9491b

    SHA256

    7846b5904b602bd64bea1eb4557c03b09dabc580b07f18b8d1567d1345f0a040

    SHA512

    1b09a98336cbc0c8ff0f535a457a3db3cd3902e4a724bb2e56563648ed1a36201dd84e63f45dcea80bb6edfe80a17db388379417386dec76341fb9eadbafa88c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\1402174469-widgets[1].js
    Filesize

    97KB

    MD5

    10356da92dfdb6968838104f2bfbc40f

    SHA1

    d94cc7cf2b2a627eb250d0783a93e87557758613

    SHA256

    6356546c93c6d71ecf24fb20384734b0bc72215b71900c1b8f475807c115a046

    SHA512

    f49414a207a5f422c2025dfd4d6e564166fdc962bb41bc17e5924d7f1afedb3e0bba9956ba7e9ef60305e77366c77484b06281ddfc2e0e53d8312c4a31b61b30

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\cb=gapi[1].js
    Filesize

    66KB

    MD5

    aa012028297a26c039c37ab25a4bd17a

    SHA1

    25f23d01b5f580c00778e1c010225e5b8c73b66c

    SHA256

    55cd2316edf7159b623e4ec2c9e3a334027c01e2d1cc386f833ebcd35ed87b38

    SHA512

    d346eb082674fc26d562da9a12f36ad2cc7db1f1b35c891a8734284cf1bd052a967137c1281982070688b2bb2e06c7f4967d1c9397311a31a11a8560b9c45fd5

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\errorPageStrings[1]
    Filesize

    2KB

    MD5

    e3e4a98353f119b80b323302f26b78fa

    SHA1

    20ee35a370cdd3a8a7d04b506410300fd0a6a864

    SHA256

    9466d620dc57835a2475f8f71e304f54aee7160e134ba160baae0f19e5e71e66

    SHA512

    d8e4d73c76804a5abebd5dbc3a86dcdb6e73107b873175a8de67332c113fb7c4899890bf7972e467866fa4cd100a7e2a10a770e5a9c41cbf23b54351b771dcee

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\loupe30[1].cur
    Filesize

    3KB

    MD5

    8d300e130519fc6dc5cf027b3307804c

    SHA1

    dca17fefa8bf60f4997a9b107cfcdb5a2f5864cb

    SHA256

    5f16ab826f87f46f60ad8c98c3bbed9a4273ff2da7843130b3036891251af5ed

    SHA512

    1e3bd73d6ede3a9277d38873e457db57f6af60365ab49a8d10003f4dd22e6abdb27388dfd54be440debad1da46b46e52753d465b94875df541b156626f5a214d

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\plusone[1].js
    Filesize

    62KB

    MD5

    9ad3205f5f0f66cb45c2f100a08ae92d

    SHA1

    f1508ec579134f528c8edac4bbca7dcf71e3a393

    SHA256

    56bb0f796579a6692add8776a44c2c57a321e78b0fcf7f005fa629bfdb8cce9d

    SHA512

    25bfcd410e493ea6bc72bdf11d309c24f738353d6d8d2e83abbe69cdb56eff744eb2e4410d35ea930d1b8df026daed1ef0555d518e972afe6e41f198dc8225da

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\rpc_shindig_random[1].js
    Filesize

    14KB

    MD5

    ec0bde1b421dbb2f9de32fdb220daff2

    SHA1

    aa4273e506ed0a091e4b8177aaf75d9b2332f240

    SHA256

    e55ea0525dd518ad7afd157a24687cf658a9c2a4c627a7e2bf89830e23c39a1d

    SHA512

    84f1d9de515f7cacd66dade5e2fe49ca3fdf63501515e5cf0caf82e34afe07bf45351d2920e8bc2010ba52fcbb9ea96609fbed57079c4bd2406cfd527ee57e60

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\454518911-widget_css_bundle[1].css
    Filesize

    32KB

    MD5

    7f736e7c6844ea55b608b08713e0822c

    SHA1

    e9242a3e84ba2167c85a2364f034e26130d3362a

    SHA256

    45153ae90182f718cb7dc159ac2a02a3c8b5f9714d2d30b43e66a158a778a14d

    SHA512

    b1dda580493f8c80a68b8b13c7abfb5522fb8b13ba2ae4adfef399837e918cd6b061db721d62672c7bfb2f6daea54b0c31c71ab2af4d5c06b7dfe514d235d55c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\cb=gapi[1].js
    Filesize

    30KB

    MD5

    b0526a9a95d5a163273dd81c27d3db2c

    SHA1

    ae21ab9a01cb083d108bbb05f95944a8bf224af3

    SHA256

    3067adea65e10dbf9507a1baaa1ebd90757f03fee216b656509ccc5b8d7c5673

    SHA512

    b2ec2aaf6749e6dfdb31e3f5ad5427cc3ea833e59a6347e6bc35ced11bd8f6cd6aa7371a7e44266fee2bd5d4f9fe8e6e843a87b2ae0510a25a30b904f8deee30

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\httpErrorPagesScripts[1]
    Filesize

    8KB

    MD5

    3f57b781cb3ef114dd0b665151571b7b

    SHA1

    ce6a63f996df3a1cccb81720e21204b825e0238c

    SHA256

    46e019fa34465f4ed096a9665d1827b54553931ad82e98be01edb1ddbc94d3ad

    SHA512

    8cbf4ef582332ae7ea605f910ad6f8a4bc28513482409fa84f08943a72cac2cf0fa32b6af4c20c697e1fac2c5ba16b5a64a23af0c11eefbf69625b8f9f90c8fa

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\jquery-2.1.1[1].js
    Filesize

    241KB

    MD5

    7403060950f4a13be3b3dfde0490ee05

    SHA1

    8d55aabf2b76486cc311fdc553a3613cad46aa3f

    SHA256

    140ff438eaaede046f1ceba27579d16dc980595709391873fa9bf74d7dbe53ac

    SHA512

    ee8d83b5a07a12e0308ceca7f3abf84041d014d0572748ec967e64af79af6f123b6c2335cf5a68b5551cc28042b7828d010870ed54a69c80e9e843a1c4d233cf

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\dnserrordiagoff[1]
    Filesize

    1KB

    MD5

    47f581b112d58eda23ea8b2e08cf0ff0

    SHA1

    6ec1df5eaec1439573aef0fb96dabfc953305e5b

    SHA256

    b1c947d00db5fce43314c56c663dbeae0ffa13407c9c16225c17ccefc3afa928

    SHA512

    187383eef3d646091e9f68eff680a11c7947b3d9b54a78cc6de4a04629d7037e9c97673ac054a6f1cf591235c110ca181a6b69ecba0e5032168f56f4486fff92

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\geomap_iframe_css_64[1].htm
    Filesize

    45KB

    MD5

    79c55102491a45acc28486b6d606492b

    SHA1

    1689f1a5f433e46529a9dfe0ad9c80d20c46cb70

    SHA256

    0752ba605369b9e24001686643a991114199d0b477e661bd0faef72f63cb9521

    SHA512

    5bf8666aa20df93e69affeb9edafb988cf57e9f738c9ff94db227564c2ec1e68d963a336e8dc27e54ae60dcfc1fafdca46f326fa80b3e3faf76e305ae781d73c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\CabF0F.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar13B4.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit